Security for DocuSign admin tools
Background
DocuSign internal admin tools are the tools used by employees from Customer Support, Customer Success, Sales, Product and Engineering, to assist customers and troubleshoot issues.
I performed a security review of DocuSign internal admin tools to identify high-risk features that should be reviewed and improved when applicable.
Problem statement
Authorized employees can make a variety of changes in customers’ accounts via internal admin tools. Most of the changes were controlled by a solid but manual and error-prone account change request process. Such changes could not only cause risky scenarios such as account takeover and customer data exposure, but were also time-consuming and harmed employees’ efficiency.
Business goals
Run a security review of DocuSign internal admin tools to identify high-risk areas
Define a short-term mitigation plan with quick solutions that could be easily accomplished
Define a long-term plan with robust platform solutions
Project details
Steps executed during the security review:
Due to the confidential nature of this project, I will not be able to disclose its specifics such as types of problems identified, solutions proposed, prototypes, screenshots, etc.
Final considerations
The results were presented to senior leadership, including the CTO, CISO, and senior directors of Product and Engineering
The process proposed and followed here served as a model so that other product teams could perform security reviews of their own areas
This project was a big initiative broken into several projects; even though its main goal was the assessment of internal admin tools, it ended up also influencing the roadmap for customer-facing admin tools
Important links
Adam Shostack - Threat Modeling: Designing for Security (STRIDE approach used in this review)